In the Claims

For the convenience of the Examiner, all pending claims are set forth below, whether 
or not an amendment is made. Please amend the claims as follows: 

1. (Currently Amended) Computer apparatus configured to discover roles from
structure existing amongst users to whom resources have been assigned, the apparatus 
comprising: 

a processor, 

an input for receiving a set of nodes of users, and of resources, each user of said set 
comprising a node with an assignment of resources the sets being partitioned, one part 
comprising said users and one part comprising said resources, said assignments being 
incorporated as links between respective users and resources over said partitioning, and 

a discovery unit a associated with said input and operable via said processor, 
configured for automatically searching for patterns within said links between users and 
resources partitioned into a set of users and a set of resources, wherein: said users — and 
said resources, 

each user of said set of nodes of users comprises a node with an 
assignment of resources from the set of nodes of resources, and 

the links comprise said assignments between respective users and
resources,

a grouping unit, associated with said discovery unit, configured to use said discovered 
patterns to form at least one group from said user nodes or said resource nodes using said 
automatically discovered patterns, such that users or resources having all of a subset of at 
least two links to common resources or users are placed into a same group, and 

an output unit configured for outputting said group of users or resources as a role. 

2. (Previously Presented) The apparatus of claim 1, wherein said relationships 
are access permissions. 

3. (Previously Presented) The apparatus of claim 1, wherein said relationships 
are usage levels of respective resources by respective users.

4. (Original) The apparatus of claim 2, wherein said relationships further
comprise user access permission levels for respective resources. 

5. (Original) The apparatus of claim 2, wherein said at least one group is 
definitive of a user role on said network. 

6. (Previously Presented) The apparatus of claim 1, wherein said user nodes 
comprise entities having attributes, and said relationships represent a respective user 
possessing a respective attribute. 

7. (Currently Amended) The apparatus of claim 2, wherein said pattern 
recognition discovery unit is associated with a search engine operable to use a search tree to 
begin with a single resource and its associated users, and iteratively to add resources and 
remove users not having a predefined relationship with said iteratively added resources, to 
meet a resource number, or a user number constraint. 

8. (Original) The apparatus of claim 7, wherein said search engine is operable to 
use a homogeneity measure to determine whether to consider a candidate grouping in said 
search. 

9. (Original) The apparatus of claim 7, wherein said search engine is operable to 
use a homogeneity measure to determine in which order to consider a candidate grouping in 
said search. 

10. (Original) The apparatus of claim 7, wherein said search engine is operable 
within said iterative stages to add further resources common to a current set of users. 

11. (Original) The apparatus of claim 10, wherein said search engine is operable
to compute a set of all users related to a current set of resources.

12. (Original) The apparatus of claim 11, wherein said search engine is operable
to consider for expansion all resources outside said current set of resources that have at least 
one relationship connection with a current set of users. 

13. (Original) The apparatus of claim 8, wherein the set of users associated with 
each of said nodes is associated with attributes, and wherein said homogeneity measure is the 
percentage of occurrence of a given attribute, multiplied by the log value thereof, summed 
over all such users in said result. 

14. (Original) The apparatus of claim 8, wherein the set of resources associated 
with each of said nodes is associated with attributes, and wherein said homogeneity measure 
is the percentage of occurrence of a given attribute, multiplied by the log value thereof, 
summed over all such resources in said result. 

15. (Original) The apparatus of claim 8, wherein said homogeneity measure is the 
percentage of occurrence of a given resource relationship for any of the users associated with 
at least one of the resources of said node, multiplied by the log value thereof, summed over 
all users of said node in said result. 

16. (Original) The apparatus of claim 8, wherein said homogeneity measure is the 
percentage of occurrence of a given user relationship for any of the resources associated with 
at least one of the users of said node, multiplied by the log value thereof, summed over all 
resources of said node in said result. 

17. (Currently Amended) The apparatus of claim 1, wherein said pattern 
recognition discovery unit is operable to use said pattern recognition within an iterative tree 
searching process. 

18. (Currently Amended) The apparatus of claim 1, wherein said pattern 
recognition discovery unit is operable to insert said groupings as an intermediate set amongst 
said nodes.

19. (Currently Amended) The apparatus of claim 1, wherein said users and said
resources are arranged into three sets, an intermediate one of said sets comprising 
predetermined relationship dependent groupings of at least some of the users in a first of said 
sets, said pattern recognition discovery unit being operable to use said pattern recognition to 
add new groups to said intermediate set. 

20. (Currently Amended) The apparatus of claim 1, wherein said input is 
associated with further comprising a graphical expositor , configured to present said input in 
a graph, said graphical expositor being operable to graphically represent said user nodes and 
said resource nodes within said sets. 

21. (Currently Amended) The apparatus of claim 20, wherein the graphical 
expositor is user interactive to manually modify the groupings discovered by the pattern 
recognition engine discovery unit . 

22. (Currently Amended) The apparatus of claim 20, wherein said graphical 
expositor is further operable to partition the graph into sub-graphs, each of the sub-graphs 
itself being a partitioned graph having at least two sets, the sub-graphs being limited to a 
subset of the users in one of the sets, and further comprising all the resources in the other set 
that are linked to users of said subset, and wherein said pattern recognition discovery unit is 
further operable to perform groupings on each of the subgraphs, and then to merge the results 
into a full graph. 

23. (Currently Amended) The apparatus of claim 20, wherein said graphical 
expositor is further operable to partition the graph into sub-graphs, each of the sub-graphs 
itself being a bi-partite graph limited to a subset of the resources in the second set, and further 
comprising all the users in the first set that are linked thereto, and wherein said pattern 
recognition discovery unit is further operable to perform groupings on each of the subgraphs, 
and then to merge the results into a full graph. 






ATTORNEY DOCKET NO. 063170.9268
PATENT APPLICATION 10/087,990


24. (Original) The apparatus of claim 20, wherein said graphical expositor, is user 
interactive to allow an operator to review user group associations and user resource relations, 
and to allow said operator to manipulate user access rights.

25. (Currently Amended) Role discovery method for electronically grouping
nodes according to existing relationships with resources, the method comprising: 

receiving an arrangement of nodes and resources, said resources being partitioned 
from said nodes and with predetermined relationships between ones of said resources and
corresponding nodes, and 

automatically discovering existing relationship patterns between said an arrangement 
of nodes and resources across said partitioning a partition between said nodes and 
resources, wherein the patterns are discovered from predetermined relationships 
between ones of said resources and corresponding nodes, 

using said discovered patterns, grouping said arrangement of nodes, wherein said 
grouped nodes share relationships with at least two common resources, and 

outputting said grouping of nodes having common patterns of at least two existing 
relationships as a role.

26. (Currently Amended) A reverse engineering device for discovering existing
structure in a partitioned arrangement of nodes and resources wherein nodes have 
relationships with various of said resources, the device comprising: 

a processor, 

an input configured for receiving said partitioned arrangement of nodes and resources, 
said arrangement comprising at least two sets, said partitions being of said nodes and said 
resources respectively, and with predetermined relationships defined between said nodes and
said resources across said sets, and 

a discovery unit configured to work with said processor, for automatically discovering 
relationship patterns within said existing relationships between a partitioned arrangement 
of said nodes and said resources, wherein: 

the arrangement comprises at least two sets, and 

the existing relationships comprise predetermined relationships defined 
between said nodes and said resources across said sets, and 

the discovery unit uses using pattern recognition on said nodes, said 
resources and said predetermined relationships, 

a node-grouping unit associated with said pattern recognition unit and configured to 
operate with said processor to use said discovered relationship patterns to form groups from 
said nodes, such that those nodes that share similar subsets of at least two relationships with 
said resources are placed in a group together, and 

an output configured to output respective groups of nodes having said similar subsets 
of at least two relationships as roles.

27. (Currently Amended) A Computer computer device comprising:
a processor 

a first series of user definitions, each user in said definitions defined as a user node; 
a second series of resource definitions, each resource in said definitions defined as a 
resource node; 

access data indicating access of users to respective resources; and 

a pattern recognition unit operable with said processor for automatically recognizing
pre-existing patterns in said access data, said patterns indicative of a way of grouping said
user nodes of said each user so as to discover groups of user nodes having common subsets
of access data related to at least two resources, and

a group definition unit operable with said processor and said pattern recognition unit
configured to output groups so discovered as roles.

28. (Cancelled) The apparatus of claim 1, wherein said role comprises said users 
or said resources sharing only said subset.

29. (Currently Amended) Pattern recognition apparatus for grouping nodes
according to relationships with other nodes, the apparatus comprising: 

an input for receiving nodes partitioned into a first set and a second set, and with 
relationships between nodes in respective first and second sets defined by links across said 
partition, and 

a pattern recognition processor associated with said input, for using pattern 
recognition on said links between nodes partitioned into a first set and a second set to find 
relationship patterns within said links, and from said patterns to form at least one group from 
nodes of said first set, wherein said nodes being formed into said group share relationships 
with at least two nodes in said second set , and [[.]] 

wherein the links define relationships across said partition between nodes in the 
first set and the second set.

30. (Currently Amended) A Group group discovery method , comprising: far

automatically discovering groups according to an initially unknown structure in existing 
electronically held data, said electronically held data comprising nodes partitioned into first 
and second data sets, wherein links exist within said data between nodes in said first data set 
and nodes in said second data set, the initially unknown structure being within said links, the 
method comprising: 

electronically searching said data for links between nodes partitioned into a first 
data set and a second data set wherein: said links exist between nodes in the first data 
set and nodes in the second data set, and 

grouping nodes in said first set according to respective links found by the electronic 
searching such that all nodes in said first set having links to at least two commonly held 
nodes in said second set are assigned to a same group, thereby discovering groups in said 
data, according to said initially unknown structure.

31. (Currently Amended) A method of automatically grouping users having
links or attributes into one or more groups based on said links or attributes, the method 
comprising: 

searching for the links or attributes of the users, wherein the links or attributes 
of each user characterize an association between the user and a resource; 

providing a group for users sharing all of a subset of at least two of said links or 
attributes discovered by the searching step , and 
outputting said provided groups. 

32. (Previously Presented) The apparatus of claim 1, wherein said discovery unit 
is configured to carry out said searching by one member of the group consisting of a 
clustering algorithm, an incremental search and a search tree. 

33. (Previously Presented) The apparatus of claim 1, wherein said outputting said 
group comprises outputting a characteristic of said group.

34. (Currently Amended) A search method for automatically searching initially
unknown structures in existing electronically held data, said electronically held data
comprising nodes partitioned into first and second data sets, wherein links exist within said
data between nodes in said first data set and nodes in said second data set, the initially 
unknown structure being within said links, the method comprising: 

electronically searching said data comprising nodes partitioned into first and 
second data sets, wherein links exist within said data between nodes in said first data set 
and nodes in said second data set, such links being discovered as a result of the 
electronic searching, according to said links, and 

grouping nodes in said first set according to respective links discovered as a result of 
the electronic searching such that all nodes in said first set having links to at least two 
commonly held nodes in said second set are assigned to a same group, , thereby discovering 
groups in said data according to said initially unknown structure.

35. (Currently Amended) A search Search apparatus for automatically
searching initially unknown structures in existing electronically held data, said electronically 
held data comprising nodes partitioned into first and second data sets, wherein links exist 
within said data between nodes in said first data set and nodes in said second data set, the
initially unknown structure being within said links, the apparatus comprising: 

a search unit, configured for electronically searching said for links within data 
comprising nodes partitioned into first and second data sets, wherein said links exist 
within said data between nodes in said first data set and nodes in said second data set, 
according to said links, and 

a structuring unit, associated with said search unit, configured for grouping nodes in 
said first set according to respective links discovered by the search unit such that all nodes 
in said first set having links to at least two commonly held nodes in said second set are 
assigned to a same group, thereby discovering groups in said data, according to said initially 
unknown structure. 
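
The search recited in claims 7 and 10 to 12 can be illustrated in code. The following is an added example, not part of the application or of any implementation by the applicant: it starts from a single resource and its users, adds linked resources while dropping users that lack them, and outputs groups sharing at least two resources as candidate roles. The assignment data, the thresholds and all function names are assumptions constructed for the illustration.

```python
# Added illustration: candidate-role search over a user/resource assignment graph.
# The sample assignments and the MIN_* thresholds are constructed for this example.
ASSIGNMENTS = {
    "alice": {"vpn", "git", "ci"},
    "bob":   {"vpn", "git", "ci"},
    "carol": {"vpn", "git", "payroll"},
    "dave":  {"vpn", "payroll", "ledger"},
    "erin":  {"payroll", "ledger"},
}
MIN_RESOURCES = 2   # "at least two" common links, as in claim 1
MIN_USERS = 2       # assumed user-number constraint (claim 7)


def users_of(resources, assignments):
    """All users linked to every resource in the set (claim 11)."""
    return frozenset(u for u, r in assignments.items() if resources <= r)


def common_resources(users, assignments):
    """Resources shared by every user in the set (claim 10)."""
    return frozenset(set.intersection(*(set(assignments[u]) for u in users)))


def discover_roles(assignments):
    """Return a set of (users, resources) pairs, each a candidate role."""
    roles, seen = set(), set()
    all_resources = set().union(*assignments.values())
    # Each search-tree root is a single resource and its associated users.
    stack = [frozenset({r}) for r in sorted(all_resources)]
    while stack:
        users = users_of(stack.pop(), assignments)
        if len(users) < MIN_USERS:
            continue                      # prune: too few users remain
        resources = common_resources(users, assignments)
        if (users, resources) in seen:
            continue                      # this grouping was already expanded
        seen.add((users, resources))
        if len(resources) >= MIN_RESOURCES:
            roles.add((users, resources))
        # Expand with outside resources linked to at least one current user
        # (claim 12); users lacking the added resource drop out at the next pop.
        linked = set().union(*(assignments[u] for u in users)) - resources
        stack.extend(resources | {r} for r in sorted(linked))
    return roles
```

On the constructed data this yields four candidate roles; a user may fall into more than one of them, which is why the output is best treated as input to a review step such as the one in claim 24.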